The Impact of the US Federal Regulatory Agencies on the LIMS - Essay Example

Citation] Citation] Citation] 8th April Evaluating the Impact of U.S. Federal Regulatory Agencies on Laboratory Information Management System (LIMS) Software 1. Introduction All LIMS applications implemented within the jurisdiction of the U.S. Federal Government are regulated by two main agencies : the Centers for Medicare and Medicaid Services (CMS) and the Foods and Drug Administration (FDA) Office of Surveillance and Epidemiology (OSE). Both of these agencies will be looking chiefly for the integrity and security of the data held and processed by the LIMS application. By integrity, both regulatory agencies will expect that the truth of the medical data, both in terms of patient records and general pharmaceutical information, meets the standards set, notably CMS Regulations Part 493 Sub-part K, Clinical Laboratory Improvement Amendments of 1988 (CLIA), and OSE Manual of Policies and Procedures (MAPP) 6700.2. In terms of information security, both agencies will be expecting to be satisfied that the requirements of CMS Regulations Part 170, regarding Information Security, have been met. In practice, Part 170 simply reflects ICT industry standard practice, so providing that the laboratory meets these industry standards, both agencies will be satisfied. In areas specifically involving pathology, a given LIMS implementation will also need to be approved by the College of American Pathologists (CAP). CAP regulators will expect that the LIMS implementation will meet their approval in four key areas: discipline, equipment manufacturer, specimen type and method of analysis. CAP inspections must be regarded as additional to the CMS and OSE inspections and compliance defined below. When examining the exchange of electronic health data, the Federal Regulators will be looking for the use of logical observation identifiers names and codes (LOINC) naming conventions. In order to facilitate the exchange of electronic clinical data between the LIMS being examined and other LIMS implementations, the Regulators will be checking for the use of systematized nomenclature of medicine clinical terms (SNOMED), as defined for specific U.S. applications by the CMS, FDA and, where relevant, CAP. 2. Impact of CMS Regulations on a LIMS Implementation All LIMS Implementations must meet the Centers for Medicare and Medicaid Services (CMS) Regulations Part 493 Subpart K - Quality System for Nonwaived Testing. This means each LIMS implementation must include as a minimum the following. Implementing and monitoring a quality system that covers all phases of the testing process (that is, pre-analytic, analytic, and post-analytic) as well as general laboratory systems. Continuous improvement of the laboratory’s performance and services through ongoing monitoring that identifies, evaluates and resolves problems. Establishing and following policies and procedures for monitoring, assessing, and, when indicated, correcting problems identified in the general laboratory systems requirements specified in CMS Regulations Part 493 Subpart K that apply to the laboratory in question. Including a Quality Assessment (QA) module that provides Verifiable Demonstrable Evidence (VDE) regarding all facets of the laboratory’s technical and non-technical functions and all locations/sites where testing is performed, including all the laboratory’s responsibilities to patients, physicians, and other laboratories ordering tests, and all other non-laboratory areas or departments within the facility. This VDE must also cover identifying and resolving all problems, and corresponding policies and procedures to prevent recurrence. Such policies must be formally recorded and communicated to the laboratory personnel and other staff, clients, etc. Monitoring the corrective action(s) to ensure that the action(s) taken have prevented recurrence of the original problem. All pertinent laboratory staff must be involved in the assessment process through active participation : get them to ‘buy in’ to the amendments, in other words. The LIMS under consideration must implement patient confidentiality, specimen identification and integrity, complaint investigations, communications and system proficiency testing performance to the satisfaction of the Federal Regulators. 3. Clinical Laboratory Improvement Amendments of 1988 (CLIA) The CLIA Amendments, as per Hamilton [Hamilton T. Survey and Certification Group. Centers for Medicare and Medicaid Services (CMS). Clinical Laboratory Improvement Amendments of 1988 (CLIA) – Issuance of Revised Survey Procedures and Interpretive Guidelines for Laboratories and Laboratory Services in Appendix C of the State Operations Manual to Facilitate the Electronic Exchange of Laboratory Information March 1st 2010. Web. 17th March 2014] combine the provisions of Title IV of the Recovery and Reinvestment Act of 2009 (ARRA), which was enacted on February 17, 2009, and the Health Information Technology for Economic and Clinical Health (HITECH) Act. The provisions in the HITECH Act require all licensed medical laboratories in the United States to implement certified Electronic Health Record (EHR) technology tho the satisfaction of the regulators. The term “meaningful use”, defined in the HITECH Act, is explained below. The CLIA regulations impact most aspects of the electronic exchange of laboratory information, and often reflect of State laws, and therefore all stakeholders involved must understand this. The CLIA regulations are a key component in optimizing health information exchange and realize the goals set by ARRA. The LIMS implementation must therefore follow the CLIA Interpretive Guidelines related to the transmission of laboratory information in order to achieve the free and secure exchange of electronic health information. Hamilton [15-18] provides the Health Information Technology goals that must be met in order to achieve this. The outstanding specific regulatory ARRA [American Recovery and Reinvestment Act (ARRA). Supplementary Buy American Guidance for NIST Construction Grants. National Institute for Standards and Technology. January 12, 2011. Web. 16th March 2014] requirement to be met is that of the ‘Buy American’ clause. This means that, if the LIMS implementation is intended for a public body of any kind within United States sovereignty, only American vendors of LIMS software may be used in order to qualify for a ARRA grant. However, if the LIMS implementation is for a privately-owned body, the full range of software vendors may be considered, and still qualify for a grant. These provisions also apply to sub-contractors, notably the suppliers of the ICT hardware the LIMS will run on, and the medical laboratory equipment that the LIMS implementation in question will interface with. It must be borne in mind that ARRA Grants will be monitored by the Federal Dept. of Commerce, although ongoing regulation may be delegated to the CMS. There is no corresponding HITECH impact - implementing the CLIA requirement will cover this. 4. Impact of Meaningful Use The CMS Meaningful use objectives are being implemented through the Electronic Health Records (EHR) Program [CMS Staff. Eligible Professional Meaningful Use Table of Contents Core and Menu Set Objectives. Stage 1. Current. Web. 17th March 2014.]. As of March 2014, the primary set of requirements expected to be satisfied by a given LIMS implementation by the CMS are within the Stage 1 Core and Menu Set Objectives. The main Objective within this Stage is Core Objective 14 (Protect Electronic Health Information) - the other Core and Menu Objectives apply to medical practitioners and pharmacists rather than laboratories. Core Objective 14 (which reflects Part 170 of the CMS Regulations) is essentially an Information Security Measure and sets out what are basically industry-standard Information Security (IS) requirements, but in a medical context. Part 170 sets out these requirements in detail under the following headings. Access Control Emergency Access, which also implies a functioning Business Continuity/Disaster Recovery process Automatic Log-Off Audit Data Encrypted Data Storage, for Certified EHR technology in a LIMS context. Encrypted Data Financial Information The data files held within the LIMS database must also meet the following CMS Regulations Part 170 Criteria. Recording Actions Data Integrity In Transit Encryption Treatment, Payment & Surgical Procedures The CMS, when they inspect the facility where the LIMS implementation is based, will also be looking for physical access control measures as a back-up to the electronic information security measures outlined above. They will also be looking for robust ICT-industry standard Information Classification levels for the information held within the facility as well as policies, widely followed in the ICT industry including a prohibition on ‘private’ devices, such as tablets and smartphones used by staff, being connected to the enterprise’s network, with only enterprise-approved remote devices being allowed remote access along with constant escorting and supervision of contractors’ staff. 5. Impact of Food & Drug Administration (FDA Regulations) These are set out most clearly in [Manual of Policies and Procedures. Center for Drug Evaluation and Research MAPP 6700.2. Office of Surveillance and Epidemiology (OSE). Standards for Data Management and Analytic Processes in the Office of Surveillance and Epidemiology (OSE)]. The LIMS implementation will be evaluated by the FDA Inspectors according to these guidelines. They will be looking for full compliance in planning, implementing, and validating the management and analysis of clinical data to standards at least as good as those of the OSE, using LIMS data that has also been provided to the FDA in support of their regulatory activities. The laboratory must expect that this will include logical observation identifiers names and codes (LOINC) naming conventions for all clinical and immediately related data items. The Regulators will also be looking for the use of systematized nomenclature of medicine clinical terms (SNOMED), as defined for specific U.S. applications by the CMS, FDA and, where relevant, CAP, in order to ensure that the exchange of EHR data between the laboratory being audited and other LIMS implementations is properly facilitated. The FDA will therefore be acting as a cross-check for the CMS inspectors. The laboratory using LIMS will therefore have to great care to satisfy both regulators. The FDA (OSE) inspectors will be conducting security and integrity evaluations of the LIMS implementation and the laboratory must therefore expect the OSE inspectors to be checking the LIMS implementation against benchmarks provided by the full portfolio of electronic clinical data, reflecting benchmark health-oriented projects undertaken to study laboratory data integrity and security issues. The results of these projects will used to inform the OSE’s regulatory decisions as well as FDA policy making. The means by which the OSE inspectors will access the LIMS database(s) will vary with, and will be dependent upon, the specific data source. This will include the customized LIMS application, along with the data in a raw form that requires the OSE personnel to carry out extensive data management before starting their data analysis. The OSE recognises that managing large datasets is a complex task and their inspectors will therefore seek to use a standard approach when performing data management and analysis to ensure an acceptable work product, and will therefore make due allowances for this, providing that the laboratory can demonstrate that it has made a genuine attempt to achieve satisfactory levels of security and integrity of the medical data it holds. 6. Conclusion From the above, it is all too clear that a LIMS application will be heavily regulated by the appropriate U.S. Federal Agencies, such as the CMS and FDA with perhaps specific input from the CAP. In order to accommodate the requirements of these Agencies, it will be necessary to form and maintain a Regulatory Compliance Team, led by a Compliance Officer who has Federally-recognized qualifications in this field. This team will be responsible for ensuring that the integrity and security of the laboratory’s medical data, of all forms, meets at all times the requirements of the CMS, FDA and perhaps CAP. This means that all of the laboratory’s staff will need to take account of all Federal Agency requirements as part of their daily tasks. The best way of this is by the Regulatory Compliance Team compiling and enforcing an Internal Control System (ICS), published in the form of a suite of documents of that name, that sets out the processes and procedures to be followed by the laboratory when using their LIMS application, in terms of clinical procedures (as per CMS Part 493), information control procedures (as per CMS Part 170), configuration control procedures and physical access control procedures. The laboratory will be audited against this ICS when the CMS and FDA inspectors arrive, most likely on an annual basis. Works Cited CMS Staff. Centers for Medicare and Medicaid Services (CMS) Regulations Part 493 Subpart K - Quality System for Nonwaived Testing. Current. Web. 17th March 2014. Available : http://www.cms.gov/Regulations-and-Guidance/Legislation/CLIA/ downloads/apcsubk1.PDF. Hamilton T. Survey and Certification Group. Centers for Medicare and Medicaid Services (CMS). Clinical Laboratory Improvement Amendments of 1988 (CLIA) – Issuance of Revised Survey Procedures and Interpretive Guidelines for Laboratories and Laboratory Services in Appendix C of the State Operations Manual to Facilitate the Electronic Exchange of Laboratory Information March 1st 2010. Web. 17th March 2014 Available : http://www.cms.gov/Medicare/Provider-Enrollment-and-Certification/SurveyCertificationGenInfo/downloads/SCLetter10-12.pdf American Recovery and Reinvestment Act (ARRA). Supplementary Buy American Guidance for NIST Construction Grants. National Institute for Standards and Technology. January 12, 2011. Web. 16th March 2014. CMS Staff. Eligible Professional Meaningful Use Table of Contents Core and Menu Set Objectives. Stage 1. Current. Web. 17th March 2014. Available : http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/downloads/EP-MU-toc.pdf Manual of Policies and Procedures. Center for Drug Evaluation and Research MAPP 6700.2. Office of Surveillance and Epidemiology (OSE). Standards for Data Management and Analytic Processes in the Office of Surveillance and Epidemiology (OSE). 3 March 2008. Web. 26th March 2014. http://www.fda.gov/downloads/aboutfda/centersoffices/officeofmedicalproductsandtobacco/cder/manualofpoliciesprocedures/ucm082060.pdf Read More